[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : AT&T System V Release 4 /bin/login Vulnerability

Title: AT&T System V Release 4 /bin/login Vulnerability
Released by: CERT
Date: 23rd May 1991
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- ---------------------------------------------------------------------------

CA-91:08 

Last Revised: Spetmeber 18,1997

                Attached copyright statement



                               CERT Advisory

                                 May 23, 1991

               AT&T System V Release 4 /bin/login Vulnerability



- ---------------------------------------------------------------------------



The Computer Emergency Response Team/Coordination Center (CERT/CC) has

received information concerning a security vulnerability in AT&T's UNIX(r)

System V Release 4 operating system.  AT&T is providing a software upgrade 

for Release 4 operating system vendors and a patch for AT&T Computer Systems

customers.  AT&T has also provided a suggested fix for all Release 4

based systems.

  

- ---------------------------------------------------------------------------

I.   DESCRIPTION:



     A security vulnerability exists in /bin/login in AT&T's System V

     Release 4 operating system.





II.  IMPACT:



     System users can gain unauthorized privileges.





III. SOLUTION:

    

     A.  AT&T Computer Systems customers



         Log into the root account.  Change the execution permission on

         the file /bin/login.



                chmod 500 /bin/login



         Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.

         The numbers associated with the fix are 156 (3.5" media) and

         157 (5.25" media).



         International customers should contact their local AT&T 

         Computer Systems representative.



     B.  All other System V Release 4 based systems



         Log into the root account.  Change the execution permission on

         the file /bin/login.



                chmod 500 /bin/login



         Release 4 customers should contact their operating system

         supplier for details on the availability of the software

         update.



- ---------------------------------------------------------------------------

The CERT/CC would like to thank AT&T for their timely response to our

report of this vulnerability.

- ---------------------------------------------------------------------------



If you believe that your system has been compromised, contact CERT/CC via

telephone or e-mail.



Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline:

           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,

           on call for emergencies during other hours.



Past advisories and other computer security related information are available

for anonymous ftp from the cert.org (192.88.209.5) system.



- -----------------------------------------------------------------------------





Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Revision History



September 18,1997  Attached Copyright Statement



-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBS9Elr9kb5qlZHQEQJxNwCg5Jcq0Y+WfMy4lI2EaZFmtFG/yosAniO2

DpW4FKfOVUGLXRUPumxMu+dW

=4xPv

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.